A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption Scheme

Page 1

INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 2 – APRIL 2015 - ISSN: 2349 - 9303

A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption Scheme Dr. S. Sankar Ganesh2

P. Vidhya Lakshmi1

Associate Professor Department of Information Technology 2 National Engineering College, ssganesa@yahoo.com

Student II Year M.E Department of Information Technology 1 National Engineering College, vidhyapl1992@gmail.com

Abstract— Cloud computing provides the facility to access shared resources and common support which contributes services on demand over the network to perform operations that meet changing business needs. A cloud storage system, consisting of a collection of storage servers, affords long-term storage services over the internet. Storing the data in a third party cloud system cause serious concern over data confidentiality, without considering the local infrastructure limitations, the cloud services allow the user to enjoy the cloud applications. As the different users may be working in the collaborative relationship, the data sharing becomes significant to achieve productive benefit during the data accessing. The existing security system only focuses on the authentication; it shows that user’s private data cannot be accessed by the fake users. To address the above cloud storage privacy issue shared authority based privacy-preserving authentication protocol is used. In the SAPA, the shared access authority is achieved by anonymous access request and privacy consideration, attribute based access control allows the user to access their own data fields. To provide the data sharing among the multiple users proxy re-encryption scheme is applied by the cloud server. The privacy-preserving data access authority sharing is attractive for multi-user collaborative cloud applications. Index Terms— Authentication Protocol, Cloud computing, Privacy Preserving, Shared Authority ——————————  ——————————

1 INTRODUCTION Cloud computing is one of the emerging technologies [10]. The cloud environment is a large open distributed system. Hence it is important to preserve the data, as well as, privacy of users, without considering the local infrastructure limitations; the cloud services allow the user to enjoy the cloud applications. [3], [4]. The ―Cloud‖ is the default symbol of the internet in diagrams. The broader term of ―Computing‖ encompasses: computation, co-ordination logic, storage. Fig. 1 describes that the cloud computing is a term used to refer a model of computing the network, in which a program or application runs on a connected servers rather than on a local computing device such as a system, tablet or Smartphone. Research in cloud computing is receiving a great deal of attention from each educational and industrial worlds. In cloud computing, users will source their compute and storage to servers (also called clouds) exploitation web. This frees users from the hassles of maintaining resources on-site. Clouds will give many varieties of services, infrastructures and platforms assist developers write applications (e.g., Amazon’s S3, Windows Azure) [5]. Since services are outsourced to a foreign server, security and privacy are of huge concern in cloud computing. In one hand, the user ought to evidence itself before initiating any dealings, and on the opposite hand, it should be ensured that the cloud will not tamper with the information that's outsourced. User privacy is additionally required so the cloud or different users don't apprehend the identity of the user. The cloud will hold the user in control of the information it outsources, and likewise, the cloud is itself in control of the services it provides. It also verifies validity of the user who stores the information. Except for the technical solutions to confirm security and privacy, there's conjointly a necessity for enforcement. Efficient search is additionally a very important concern in clouds.

Fig. 1 Cloud Computing overview Cloud Computing is a model for enabling convenient, on-demand network access for a shared pool of computing resources to be configured [1] (e.g., networks, servers, memory capacity, applications and services) that can be provisioned and released with minimal effort of management or service provider interaction. This Cloud model can be composed of essential characteristics-5, service models-3 and deployment models-4.

1.1 Infrastructure as a service (IaaS) According to basic cloud-service model & the IETF (Internet Engineering Task Force), providers of IaaS offer computers – physical or (more often) virtual machines – and other sources. (Pools of cloud operational support-system can support large numbers of virtual tools and the ability to scale the services up and down according to various consumers’ choice.) Extra sources provided by IaaS clouds are virtualmachine disk image library and object storage, load balancers, IP addresses, virtual local area networks (VLANs), software etc. IaaScloud providers supply those resources on on-demand from their large pools installed in the data point centers. For far distance network

135


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 2 – APRIL 2015 - ISSN: 2349 - 9303 connection, users can use clouds for their network connections . To deploy their applications, cloud users install operating-system images and their application software on the cloud computing structure. Charges on IaaS services provided by Cloud providers are on the basis of utility computing: that is cost reflects the amount of resources allocated and used.

1.2 Platform as a service (PaaS) The most complex among the three is cloud platform services or ―Platform as a Service‖ (PaaS) that delivers the computational process through a cloud. Developers grow due to PaaS. It is a model that they can build to improve or customize the applications. PaaS avoids the need of maintaining the hardware and software that makes the developers to develop an application with faster, simpler, and with low cost. Test an application with faster, simpler, and with low cost.. With PaaS, the providers still need to manage the runtime, soft ware, middleware, O/S, servers, memory, and networking, but stack holders only need to maintain their applications and their data. 1.3 Software as a service (SaaS) In the business model using software as a service (SaaS), users are provided to access application software and databases. Applications infrastructure and platforms are managed by the Cloud providers. SaaS is also referred to as "on-demand software" and is usually rated on a pay/use basis. In the SaaS model, cloud providers make use of cloud to install and operate application software. The cloud users access the software from cloud clients to use the applications. Cloud users need not to manage the infrastructure and platform of the cloud where the application runs. This allows the user to eliminate the process of install and run the application in their own computers, which simplifies maintenance and support of the software in the computers. Cloud is different from other in basis of their applications due to their scalability—which can be attain by cloning tasks onto various virtual machines at run-time to meet the work demand that changes frequently Load balancers provide the work over the large set of virtual machines. This process is also known to the cloud user, who sees only a single access point. To accommodate a large number of cloud users, cloud applications can be multitenant, that is, any machine serves more than one cloud user organization. A monthly or yearly fee per user is the pricing model for SaaS applications, so if users are added or removed at any point the price is scalable and adjustable that is it does not affect the system. IT operational costs, hardware and software maintenance and support to the cloud provider will be reduced by the Saas proponents claim. This enables the business to reallocate IT operations costs away from hardware/software spending and personnel expenses, towards meeting other goals. In addition, with applications hosted centrally, updates can be released without the need for users to install new software. One drawback of SaaS is that the users' data are stored on the cloud provider's server. As a result, there could be a possible for unauthorized access to the data. For this reason, an intelligent thirdparty key management system is increasingly adopting by the user to help to secure their data.

Service‖ (IaaS), delivers computer infrastructure (such as a platform virtualization environment etc.,), memory, and networking. In order to buy the overload of hardware and the networking equipments the user can only afford the cloud where there is an outsourced service that is users are billed according to the amount of resource they use. Basically, in exchange for a rental fee, a third party of the cloud allows the user to install a virtual server on their IT infrastructure.

2

PROXY RE-ENCRYPTION SCHEME

Proxy re-encryption schemes [3] are cryptosystems which allow third parties (proxies) to alter a ciphertext which has been encrypted for one entity, so that it may be decrypted by another entity. Proxy re-encryption schemes are similar to traditional symmetric or asymmetric schemes, with the addition of two functions.

2.1 Delegation Delegations allow a message recipient (key holder) to generate a reencryption key based on his secret key based and the key of the delegated user. This re-encryption key is used as input data to the reencryption function, which is finished as ciphertexts to the delegated key for users. Asymmetric proxy re-encryption schemes come in bidirectional and unidirectional varieties. •

In a bi-directional scheme, the re-encryption scheme is reversible, i.e., the re-encryption key can be used to translate messages from Jack to Charlie, as well as from Charlie to Jack. This can have various security issues, depending on the application. One notable characteristic of bi-directional schemes is that both the delegate and delegated party (e.g., Charlie and Jack) must combine their secret keys to produce the reencryption key.

A Unidirectional scheme is effectively one-way; messages can be re-encrypted from Jack to Charlie, but not the reverse. Unidirectional schemes can be constructed such that the delegated party need not reveal its secret key. For example, Jack could delegate to Charlie by combining his secret key with Charlie's public key.

2.2 Transitivity Transitive proxy re-encryption schemes allow for a ciphertext to be re-encrypted a various number of times. For example, a ciphertext of the jack might be re-encrypted from Jack to Charlie, and then again it was re-encrypted from Charlie to Ravi and so on. Non-transitive schemes allow for only one (or a limited number) of re-encryptions on a given ciphertext. Currently, there is no known Unidirectional, transitive proxy re-encryption scheme.

3 PROPOSED WORK Fig. 2 illustrates a system model for the cloud storage architecture. The owner uploads the file in the server and it was in encrypted format. If any user what the owner file, then user send the request to the server for download. Then the server checks the file attributes and policy. If the requested file attribute and stored file’s attributes are matched, it will allow accessing the file. Otherwise, doesn’t allow accessing the file 3.1 Admin Login

Cloud infrastructure services, is also known as ―Infrastructure as a

The admin is an administrator who administrates the system. The

136


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 2 – APRIL 2015 - ISSN: 2349 - 9303 admin login page was meant to provide the security of the unauthorized access. Without the knowledge of the admin no one can access the system. Here the admin was used to maintain the users and doctors’ details. It also forwards the user details in the cloud.

3.2 User Login Users are having authentication and security to access the details which are present in the cloud. Before accessing or searching the details user should have the account in that otherwise they should register first. After entering into the cloud, he/she can access the required file by entering the field. This field is being stored by the admin while uploading the file in the cloud. 3.3 Access Control Access control is generally a policy or procedures that allow, denies or reduce the access to a system. It may, as well, guide and report all attempts made to access a system. Access Control may also analyze

file. A personal health record, or PHR, is a health account where health data and information related to the care of a user is maintained by the user. The intention of a PHR is to provide a complete and accurate summary of an individual's medical history which is accessible online. The user can view us description from start date to now a day. But user cannot change any detail in PHR monitoring. The admin only has permission for adding records, deleted records. 3.4 Trust Level Assignment The trust level determines the permissions that are granted by the admin. There are three trust categories; they are high, medium and low. An application that has high trust permission can access all the resource type and perform privileged operations. Medium trust permission has less access than the higher trust level. Low trust permission has much less access when compared to, high and medium levels. For example, in hospital management, external users like a pharmacist, part-time doctors’, and advisory people may be in a need to view user details for carryover of their work. In this case their trust level has to assign as low, medium or high based on their relationship with the hospital manager. Thereby, through their relationship status, find a trust level assigned to them and based on the assigned trust level, find necessary PHR details forwarded to them. The assignment of trust levels to the non- patient to access the user health record. Depending on the trust level the data is encrypted and show to the non-users. This trust level assignment is given by admin only. The admin has only rights to assign the trust level of the non-users. In this three levels are there which is discusses in beginning of this chapter. If a high level is given to the Doctor of the hospital that is doctor can see the 100% result of the user record. If a medium level is given to the nurse of the hospital that is nurse can see only little information about 50% to 60% result of the user record. If a low is given to the Third party result is much lesser than the medium and high level so here only about 30% result of the user record.

Fig. 2 The cloud storage system model

users attempting to access a system unauthorized. In all these access controls, user (subjects) and resources (objects) are identified by the name given to them uniquely names. Identification may be done directly or through roles assigned to the subjects. These access control methods are efficient in the unchangeable distributed system, where there is only a set of Users with a known set of services.

Access control is a method to specify to ensure only authorized user access the data and the system. Very large distributed open systems are developing very rapidly. These systems are like virtual organizations with various autonomous domains. The relationship between users and resources is dynamic and more ad-hoc in cloud and inter cloud systems. In these systems, users and resource providers are not in the same security domain. Users are normally identified by their attributes or characteristics and not by predefined identities.

The admin has a wider control over the data, since it is being shared in the cloud. In order to provide security, access control is used. If the admin allows the user to access the data, then he/she can access it. If the access control is denied, then the user cannot download the

3.5 Encryption and Decryption Encryption is the process of transforming information so it is insignificant to anyone but the predetermined recipient. Decryption is the process of reconstruct encrypted information so that it is valid again. A cryptographic algorithm, also called a cipher, is an analytical function used for both encryption and decryption. In many cases, two related works are employed, one for encryption process and the other for decryption process. In the modern cryptography, the ability to keep encrypted data secretly is based not only on the cryptographic algorithm but also on a number which is called as a key that must be used within the algorithm to provide an encrypted result or to decrypt the encrypted information. Decrypting the data with the correct key is simple process. But decrypting the data without the correct key is very difficult process, and in some cases it is impossible for all practical purposes. When the user uploads any file in the cloud, he/she has to encrypt and send. In this module, proxy re-encryption scheme [7] is used. This scheme supports encoding operations over encrypted messages as well as forwarding operations over encoded and encrypted messages [4]. Thus the data is totally secured. The decryption is the reverse process of the encryption that is one need to perform decode and decryption operation to view the original data.

137


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 2 – APRIL 2015 - ISSN: 2349 - 9303 Multilevel encryption over PHR is enabled through this phase. In this phase possibly the health record information is subjected to additive perturbation through inclusion of Gaussian noise and further made ready to be submitted to various trust level of outsiders On the other side, the user has to perform decode and decryption operation.

3.6 File Upload and Download In this module admin uploads the file (along with Meta data) into database, with the help of existing metadata and its contents, the end user can download the file. The downloaded file was in encrypted form, only registered and allowed user can decrypt the file. The user can download the required file from the cloud database. This system also suggests suitable parameters for the number of copies of a message dispatched to the storage servers and the number of storage servers queried by a key server. The parameters mentioned above allow more flexible adjustment between the number of storage servers and robustness. Each individual doctor is given a clear and secured platform for viewing the record details and prescription information.

[7]

[8]

[9]

[10]

4 CONCLUSION In this paper, to achieve a privacy preserving access authority sharing in cloud computing. We identify a new privacy challenge during data accessing. Data confidentiality and data integrity is guaranteed by authentication. During the transmission the wrapped values are exchanged hence data anonymity is achieved. Anonymous access requests enhances the user privacy that privately inform the cloud server about the user access desires. To prevent the session correlation, the session identifiers realizes the forward security. This shows that the proposed scheme can applied for enhanced privacy preservation in cloud applications.

REFERENCES [1]

[2]

[3]

[4]

[5]

[6]

Atul Adya, William J. Bolosky, Miguel Castro, Gerald Cermak, Ronnie Chaiken, John R. Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, and Roger P. Wattenhofer, ―Farsite: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment,‖ Proc. Fifth Symp. Operating System Design and Implementation (OSDI), pp. 1-14, 2002. A. Haeberlen, A. Mislove, and P. Druschel, ―Glacier: Highly Durable, Decentralized Storage Despite Massive Correlated Failures,‖ Proc. Second Symp. Networked Systems Design and Implementation (NSDI), pp. 143-158, 2005. Hsiao-Ying Lin and Wen-Guey Tzeng, ―A Secure Erasure CodeBased Cloud Storage System with Secure Data Forwarding,‖ IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 6, pp. 995-1003, 2012. Hong Liu, Student Member, IEEE, Huansheng Ning, Senior Member, IEEE, Qingxu Xiong, Member, IEEE, and Laurence T. Yang, Member, IEEE ―Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Computing‖ IEEE Transactions on Parallel and Distributed Systems. J. Chen, Y. Wang, and X. Wang, ―On-Demand Security Architecture for Cloud Computing,‖ Computer, vol. 45, no. 7, pp. 73-78, 2012. John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels, Ramakrishna Gummadi, Sean Rhea, Hakim Weatherspoon, Westiey Weimer, Chris Wells, and Ben Zhao, ―Oceanstore: An Architecture for Global-Scale Persistent

138

Storage,‖ Proc. Ninth Int’l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 190- 201, 2000. Jun Shao and Zhenfu Cao, ―CCA-Secure Proxy Re-Encryption without Pairings,‖ Proc. 12th Int’l Conf. Practice and Theory in Public Key Cryptography (PKC), pp. 357-376, 2009. L. A. Dunning and R. Kresman, ―Privacy Preserving Data Sharing With Anonymous ID Assignment,‖ IEEE Transactions on Information Forensics and Security, vol. 8, no. 2, pp. 402-413, 2013. Qiang Tang, ―Type-Based Proxy Re-Encryption and Its Construction,‖ Proc. Ninth Int’l Conf. Cryptology in India: Progress in Cryptology (INDOCRYPT), pp. 130-144, 2008. R. Moreno-Vozmediano, R. S. Montero, and I. M. Llorente, ―Key Challenges in Cloud Computing to Enable the Future Internet of Services,‖ IEEE Internet Computing, [online] ieeexplore. ieee.org/stamp/stamp.jsp?tp=&arnumber=6203493, 2012.


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.